The Firefox add-on efficiently tests for reflected Cross-Site Scripting.
XSS-Me is specifically designed to test for reflected XSS, meaning it does not currently support stored XSS testing. When you use this tool, it will submit your HTML forms and replace the form value with strings that represent an XSS attack.
If the resulting HTML page sets a particular JavaScript value (document.vulnerable=true), the tool will identify the page as vulnerable to the given XSS string. Note that XSS-Me does not actually attempt to compromise the security of your system. Instead, it focuses on finding possible entry points for an attack against your system. This means there's no port scanning, packet sniffing, password hacking, or firewall attacks involved.
In a sense, XSS-Me's work is similar to what QA testers for your site might do manually. By entering all of these strings into form fields, the tool helps you identify potential weaknesses so you can address them before they become security issues. If you're looking for an effective way to test for XSS vulnerabilities, give XSS-Me a try.
Version 0.4.3: N/A